CVE-2025-21746

EPSS 0.03%
Veröffentlicht 27.02.2025 03:15:15
Zuletzt bearbeitet 28.10.2025 20:48:01
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Input: synaptics - fix crash when enabling pass-through port

When enabling a pass-through port an interrupt might come before psmouse
driver binds to the pass-through port. However synaptics sub-driver
tries to access psmouse instance presumably associated with the
pass-through port to figure out if only 1 byte of response or entire
protocol packet needs to be forwarded to the pass-through port and may
crash if psmouse instance has not been attached to the port yet.

Fix the crash by introducing open() and close() methods for the port and
check if the port is open before trying to access psmouse instance.
Because psmouse calls serio_open() only after attaching psmouse instance
to serio port instance this prevents the potential crash.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.5 < 6.6.80

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.17

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.089

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://git.kernel.org/stable/c/08bd5b7c9a2401faabdaa1472d45c7de0755fd7e

Patch

https://git.kernel.org/stable/c/3e179d3f1ada963475395d81bfe91daef4d1a24c

Patch

https://git.kernel.org/stable/c/87da1ea93ec9f9f0004e5b12e78789bc94e360bf

Patch

https://git.kernel.org/stable/c/a2cbcd70133dc0d4d4c95ad4cd5412b935354c7c

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-21746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21746

EUVD